Hey,
I have a problem with the jetty authentication. I use the HashLoginModule, which is configured in the jetty.xml. The problem is, that I find no way to write the username in the session, so after login I have no username to deal with. Has anyone solved the same or a similar problem? Or are there any tips how to implement a secure login, after that I can use the entered username in the session?
regards
Florian
Hello Florian,
you might want to ask this question on the jetty mailing list as this seems to be not really specific to BaseX. You most likely also will get a more useful response as we are no jetty experts per se. However, I also couldn't find any HashLoginModule in our default jetty.xml (and I did a quick google search and could find anything), so I am not really sure what you actually do. Might be useful to post the relevant part of your jetty.xml.
Btw, in our RestXQ-based applications we mainly use application-defined authentication, i.e. we first check the proper login within each output function, so something like:
if(not(_:logged-in())) then () else
where _:logged-in() is simply
declare function _:logged-in() as xs:boolean { boolean(_:id()) };
and we set the session variable during login.
Cheers, Dirk
On 08/26/2013 11:25 AM, Florian Eckey wrote:
Hey,
I have a problem with the jetty authentication. I use the HashLoginModule, which is configured in the jetty.xml. The problem is, that I find no way to write the username in the session, so after login I have no username to deal with. Has anyone solved the same or a similar problem? Or are there any tips how to implement a secure login, after that I can use the entered username in the session?
regards
Florian
BaseX-Talk mailing list BaseX-Talk@mailman.uni-konstanz.de https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
basex-talk@mailman.uni-konstanz.de
-
Dirk Kirsten -
Florian Eckey